Skip to main content
CVE-2020-17450 MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS on the preview page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-17362 MEDIUM POC This Month

search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress PHP Nova Lite
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2020-13278 MEDIUM POC PATCH This Month

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Student Information System
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2020-17361 MEDIUM POC This Month

An issue was discovered in ReadyTalk Avian 1.2.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avian
NVD GitHub
CVSS 3.1
5.5
EPSS
1.2%
CVE-2020-17449 MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS via the error_log file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-2231 MEDIUM POC PATCH This Month

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely', resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenkins
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
5.3%
CVE-2020-2230 MEDIUM POC PATCH THREAT This Month

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenkins
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
83.1%
CVE-2020-2229 MEDIUM POC PATCH This Month

Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jenkins
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
6.8%
CVE-2020-17372 MEDIUM POC This Month

SugarCRM before 10.1.0 (Q3 2020) allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Sugarcrm
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-16266 MEDIUM POC PATCH This Month

An XSS issue was discovered in MantisBT before 2.24.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Mantisbt
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2020-17373 MEDIUM POC This Month

SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-15596 MEDIUM This Month

The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on various Dell, HP, and Lenovo laptops, allows attackers to conduct Path Disclosure attacks via a "fake" DLL file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

HP Lenovo Dell Information Disclosure Elite X2 1012 G1 Firmware +13
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2020-8905 MEDIUM PATCH This Month

A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Asylo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2020-6293 MEDIUM This Month

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload SAP Netweaver Knowledge Management
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2235 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows attackers to connect to an attacker-specified JDBC URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Pipeline Maven Integration
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2020-2234 MEDIUM PATCH This Month

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to connect to an attacker-specified JDBC URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Pipeline Maven Integration
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-2233 MEDIUM PATCH This Month

A missing permission check in Jenkins Pipeline Maven Integration Plugin 3.8.2 and earlier allows users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Pipeline Maven Integration
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-7300 MEDIUM This Month

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Data Loss Prevention
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2020-16145 MEDIUM PATCH This Month

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2020-15137 MEDIUM This Month

All versions of HoRNDIS are affected by an integer overflow in the RNDIS packet parsing routines. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Horndis
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2020-2236 MEDIUM PATCH This Month

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Yet Another Build Visualizer
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-17507 MEDIUM PATCH This Month

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qt Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
3.9%
CVE-2020-13288 MEDIUM This Month

In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerability exists in the CI/CD Jobs page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gitlab
NVD
CVSS 3.1
4.8
EPSS
4.0%
CVE-2020-6300 MEDIUM This Month

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS SAP Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-7301 MEDIUM This Month

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS File Upload Data Loss Prevention
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2020-6297 MEDIUM This Month

Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

SAP Information Disclosure Data Intelligence
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-6310 MEDIUM This Month

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6299 MEDIUM This Month

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Netweaver Application Server Abap
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2020-6273 MEDIUM This Month

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass S 4 Hana Fiori Ui For General Ledger Accounting
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2020-2237 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Test Handler Plugin 1.0.4 and earlier allows attackers to rebuild a project at a previous git revision. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jenkins Flaky Test Handler
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy